http://blog.talosintel.com/2016/06/the-poisoned-archives.html

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

91328

http://www.talosintel.com/reports/TALOS-2016-0153/

https://bugzilla.redhat.com/show_bug.cgi?id=1348441

https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77

https://github.com/libarchive/libarchive/issues/715

GLSA-201701-03

An update of the libarchive package has been released.

An update of [binutils,ntp,libarchive] packages for PhotonOS has been released.

The remote host is affected by the vulnerability described in GLSA-201701-03 (libarchive: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libarchive. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted       archive file possibly resulting in the execution of arbitrary code with       the privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

libarchive was updated to fix 20 security issues. These security issues were fixed :

  - CVE-2015-8918: Overlapping memcpy in CAB parser     (bsc#985698).

  - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser     (bsc#985697).

  - CVE-2015-8920: Stack out of bounds read in ar parser     (bsc#985675).

  - CVE-2015-8921: Global out of bounds read in mtree parser     (bsc#985682).

  - CVE-2015-8922: NULL pointer access in 7z parser     (bsc#985685).

  - CVE-2015-8923: Unclear crashes in ZIP parser     (bsc#985703).

  - CVE-2015-8924: Heap buffer read overflow in tar     (bsc#985609).

  - CVE-2015-8925: Unclear invalid memory read in mtree     parser (bsc#985706).

  - CVE-2015-8926: NULL pointer access in RAR parser     (bsc#985704).

  - CVE-2015-8928: Heap out of bounds read in mtree parser     (bsc#985679).

  - CVE-2015-8929: Memory leak in tar parser (bsc#985669).

  - CVE-2015-8930: Endless loop in ISO parser (bsc#985700).

  - CVE-2015-8931: Undefined behavior / signed integer     overflow in mtree parser (bsc#985689).

  - CVE-2015-8932: Compress handler left shifting larger     than int size (bsc#985665).

  - CVE-2015-8933: Undefined behavior / signed integer     overflow in TAR parser (bsc#985688).

  - CVE-2015-8934: Out of bounds read in RAR (bsc#985673).

  - CVE-2016-4300: Heap buffer overflow vulnerability in the     7zip read_SubStreamsInfo (bsc#985832).

  - CVE-2016-4301: Stack buffer overflow in the mtree     parse_device (bsc#985826).

  - CVE-2016-4302: Heap buffer overflow in the Rar     decompression functionality (bsc#985835).

  - CVE-2016-4809: Memory allocate error with symbolic links     in cpio archives (bsc#984990).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

libarchive was updated to fix 20 security issues.

These security issues were fixed :

  - CVE-2015-8918: Overlapping memcpy in CAB parser     (bsc#985698).

  - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser     (bsc#985697).

  - CVE-2015-8920: Stack out of bounds read in ar parser     (bsc#985675).

  - CVE-2015-8921: Global out of bounds read in mtree parser     (bsc#985682).

  - CVE-2015-8922: NULL pointer access in 7z parser     (bsc#985685).

  - CVE-2015-8923: Unclear crashes in ZIP parser     (bsc#985703).

  - CVE-2015-8924: Heap buffer read overflow in tar     (bsc#985609).

  - CVE-2015-8925: Unclear invalid memory read in mtree     parser (bsc#985706).

  - CVE-2015-8926: NULL pointer access in RAR parser     (bsc#985704).

  - CVE-2015-8928: Heap out of bounds read in mtree parser     (bsc#985679).

  - CVE-2015-8929: Memory leak in tar parser (bsc#985669).

  - CVE-2015-8930: Endless loop in ISO parser (bsc#985700).

  - CVE-2015-8931: Undefined behavior / signed integer     overflow in mtree parser (bsc#985689).

  - CVE-2015-8932: Compress handler left shifting larger     than int size (bsc#985665).

  - CVE-2015-8933: Undefined behavior / signed integer     overflow in TAR parser (bsc#985688).

  - CVE-2015-8934: Out of bounds read in RAR (bsc#985673).

  - CVE-2016-4300: Heap buffer overflow vulnerability in the     7zip read_SubStreamsInfo (bsc#985832).

  - CVE-2016-4301: Stack-based buffer overflow in the mtree     parse_device (bsc#985826).

  - CVE-2016-4302: Heap buffer overflow in the Rar     decompression functionality (bsc#985835).

  - CVE-2016-4809: Memory allocate error with symbolic links     in cpio archives (bsc#984990).

This update was imported from the SUSE:SLE-12:Update update project.

Hanno Bock and Cisco Talos report :

- Out of bounds heap read in RAR parser

- Signed integer overflow in ISO parser

- TALOS-2016-0152 [CVE-2016-4300]: 7-Zip read_SubStreamsInfo Integer Overflow

- TALOS-2016-0153 [CVE-2016-4301]: mtree parse_device Stack Based Buffer Overflow

- TALOS-2016-0154 [CVE-2016-4302]: Libarchive Rar RestartModel Heap Overflow

ID	Name	Product	Family	Severity
121677	Photon OS 1.0: Libarchive PHSA-2017-0010	Nessus	PhotonOS Local Security Checks	high
111859	Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
96234	GLSA-201701-03 : libarchive: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
93185	SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:1909-1)	Nessus	SuSE Local Security Checks	high
92975	openSUSE Security Update : libarchive (openSUSE-2016-969)	Nessus	SuSE Local Security Checks	high
91791	FreeBSD : libarchive -- multiple vulnerabilities (4a0d9b53-395d-11e6-b3c8-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	high

CVE-2016-4301

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

high

high

high

high